replication: fix crash on access to a not yet ready relay

sergepetrenko · sergepetrenko · commit 0ef5e3b22f2a · 2023-05-31T15:20:13.000+03:00
All the code outside of relay.cc judges about relay's liveliness looking only at relay state. When relay->state is RELAY_FOLLOW, the relay is considered operational. This is not always true: for example, both relay_push_raft() and relay_trigger_vclock_sync() are only possible after relay thread pairs with tx via the cbus. This happens **after** the relay enters RELAY_FOLLOW state. Fix the possible access to uninitialized cpipe by relay_trigger_vclock_sync(): make it a nop until the relay is paired with tx. Closes tarantool#7991 NO_DOC=bugfix NO_TEST=covered by replication-luatest/linearizable_test.lua
diff --git a/changelogs/unreleased/gh-7991-relay-crash.md b/changelogs/unreleased/gh-7991-relay-crash.md
@@ -0,0 +1,4 @@
+## bugfix/replication
+
+* Fixed a crash when using transactions with the linearizable isolation level during
+  a replica reconnect (gh-7991).
diff --git a/src/box/relay.cc b/src/box/relay.cc
@@ -902,6 +902,8 @@ int
 relay_trigger_vclock_sync(struct relay *relay, uint64_t *vclock_sync,
 			  double deadline)
 {
+	if (!relay->tx.is_paired)
+		return 0;
 	struct relay_trigger_vclock_sync_msg *msg =
 		(struct relay_trigger_vclock_sync_msg *)xmalloc(sizeof(*msg));
 	msg->relay = relay;

Original file line number	Diff line number	Diff line change
`@@ -902,6 +902,8 @@ int`
`902`	`902`	`relay_trigger_vclock_sync(struct relay relay, uint64_t vclock_sync,`
`903`	`903`	`double deadline)`
`904`	`904`	`{`
	`905`	`+ if (!relay->tx.is_paired)`
	`906`	`+ return 0;`
`905`	`907`	`struct relay_trigger_vclock_sync_msg *msg =`
`906`	`908`	`(struct relay_trigger_vclock_sync_msg )xmalloc(sizeof(msg));`
`907`	`909`	`msg->relay = relay;`